Security Vulnerabilities - CVEs Published In March 2022
A stored cross-site scripting (XSS) vulnerability in the Column module of ClassCMS v2.5 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Articles field.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2022-03-25

Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via the component /u8sl/WebHelp.
CVSS Score: 6.1 | EPSS Score: 0.084 | Published: 2022-03-25

A file deletion vulnerability exists in TinyShop 3.1.1 in the back_list parameter of controllers\admin.php, which could let a malicious user delete arbitrary files, such as install.lock, allowing the CMS to be reinstalled.
CVSS Score: 8.1 | EPSS Score: 0.003 | Published: 2022-03-25

An XML External Entity (XXE) vulnerability exists in soa-model before 1.6.4 in the WSDLParser function.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2022-03-25

phpIPAM 1.4.4 allows reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality.
CVSS Score: 6.1 | EPSS Score: 0.005 | Published: 2022-03-25

A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file.
CVSS Score: 4.8 | EPSS Score: 0.006 | Published: 2022-03-25

In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1, and in PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2022-03-25

CVE-2022-1040 (Known exploited)
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.
CVSS Score: 9.8 | EPSS Score: 0.944 | Published: 2022-03-25

SQL injection when marking blog comments as spam in bulk in the GitHub repository forkcms/forkcms prior to 5.11.1.
CVSS Score: 9.0 | EPSS Score: 0.003 | Published: 2022-03-25

A vulnerability affecting the F-Secure SAFE browser was discovered. A maliciously crafted website embedding USSD code in JavaScript or an iFrame can trigger the dialer application from the F-Secure browser, which an attacker can exploit to send unwanted USSD messages or place unwanted calls. On most modern Android OS versions the dialer application requires user interaction; however, some older Android OS versions may not.
CVSS Score: 4.3 | EPSS Score: 0.002 | Published: 2022-03-25

Shodan ® - All rights reserved